How Bromium lets bad guys in and still keeps data safe

Forget the ideas of virtual desktops and desktop hypervisors to separate employees’ work lives from their personal lives. A new security startup called Bromium launched on Wednesday with the goal of protecting corporate data on employee devices while letting those employees operate the same as they ever have. Bromium — founded in 2011 by Xen hypervisor creators Ian Pratt and Simon Crosby, along with Gaurav Banga — works its magic by creating isolated instances on a computer’s processor that keep code from going where it’s not wanted.

CTO Crosby explained to me the thinking behind Bromium like this: Human beings don’t do well when they’re fortified within the walls of a city. They want to go out, explore the world around them and click on shiny attachments. This means constantly entering into “areas of unfathomable trust” where it’s easy to get hurt if they’re not careful.

However, when employees are doing this exploring on computers that also store and have access to corporate data, the real concern is they’ll meet a nefarious but cunning stranger and bring him back into the city’s fortified walls. In fact, Crosby said, that will happen, which is why “any approach that says we can stop the bad guys is basically a lie.” What you need is a way to make sure that stranger sees as little as he needs to, and is shown the door in a hurry.

So what’s Bromium’s secret?

To some degree, Bromium’s product, called Microvisor, is like a traditional hypervisor that’s installed on a server or desktop’s operating system and divvies it into several smaller virtual machines, or VMs. Only whereas traditional VMs are full versions of an operating system complete with full suites of applications, Microvisor uses the hardware virtualization present on Intel desktop processors to create what Bromium calls micro-VMs. Microvisor creates micro-VMs immediately whenever someone opens a new application, clicks on a link or downloads an attachment (and destructs them when those tasks end). And each micro-VM gets only the operating system resources and file system access it needs to do its job.

Because micro-VMs are enforced by the processor’s hardware virtualization rather than by a hypervisor installed on top of the host operating system, they go a long way toward limiting unwanted intrusions into sensitive data by operating in isolation from one another. Bromium calls this “the principle of least privilege.” Essentially, if I’m a piece of malware, I can’t infect areas of the physical machine’s OS or those of any other micro-VMs, and whatever damage I might do within my micro-VM becomes moot when the micro-VM shuts down, never again to exist.
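To make the two properties above concrete, here is a small conceptual model in Python of the lifecycle the article describes: a task gets an isolated instance with an explicit allow-list of what it may read, its writes land in a private copy-on-write layer rather than on the host, and the whole instance is discarded when the task ends. This is an added illustration written for this piece, not Bromium’s code; Bromium’s product relies on Intel hardware virtualization, whereas this model substitutes an in-memory dictionary for the file system, and every name in it (HostFS, MicroVM, the Windows-style paths and file contents) is constructed for the example.

```python
"""Conceptual model of per-task isolation: least-privilege reads, copy-on-write
writes, and destruction of the instance when the task ends.

Added example, not Bromium's code. HostFS, MicroVM, AccessDenied, VMDestroyed
and the sample paths/contents are all constructed for this illustration.
"""
from typing import Dict, Iterable


class AccessDenied(Exception):
    """The task asked for a host path outside its grant."""


class VMDestroyed(Exception):
    """The task's instance no longer exists; no further access is possible."""


class HostFS:
    """The real machine's file system, modelled as a path -> bytes mapping."""

    def __init__(self, files: Dict[str, bytes]) -> None:
        self.files: Dict[str, bytes] = dict(files)

    def read(self, path: str) -> bytes:
        return self.files[path]


class MicroVM:
    """One isolated instance created for one task.

    - Reads are allowed only for paths in the grant the creator handed over.
    - Writes go to a private overlay; the host mapping is never touched.
    - destroy() drops the overlay and makes the instance inert.
    """

    def __init__(self, host: HostFS, allowed_reads: Iterable[str]) -> None:
        self._host = host
        self._allowed = frozenset(allowed_reads)
        self._overlay: Dict[str, bytes] = {}  # copy-on-write layer
        self._alive = True

    def _check_alive(self) -> None:
        if not self._alive:
            raise VMDestroyed("instance already destroyed")

    def read(self, path: str) -> bytes:
        self._check_alive()
        if path in self._overlay:          # the task sees its own writes
            return self._overlay[path]
        if path not in self._allowed:      # least privilege: deny by default
            raise AccessDenied(path)
        return self._host.read(path)

    def write(self, path: str, data: bytes) -> None:
        self._check_alive()
        self._overlay[path] = data         # never reaches the host

    def destroy(self) -> None:
        self._overlay.clear()
        self._alive = False


def simulate_attachment_open() -> Dict[str, bool]:
    """Open a downloaded attachment in a micro-VM and let a hostile payload
    inside it try to reach beyond its grant. Returns one boolean per check."""
    kernel32 = "C:/Windows/System32/kernel32.dll"
    invoice = "C:/Users/alice/Downloads/invoice.pdf"
    payroll = "C:/Users/alice/Documents/payroll.xlsx"

    host = HostFS({
        kernel32: b"<system library>",
        invoice: b"<attachment bytes>",
        payroll: b"<sensitive spreadsheet>",
    })
    snapshot = dict(host.files)

    # The viewer task needs the attachment and a system library, nothing more.
    vm = MicroVM(host, allowed_reads={kernel32, invoice})
    results: Dict[str, bool] = {}

    results["read_attachment"] = vm.read(invoice) == b"<attachment bytes>"

    # Payload in the micro-VM reaches for data it was never granted.
    try:
        vm.read(payroll)
        results["payroll_read_blocked"] = False
    except AccessDenied:
        results["payroll_read_blocked"] = True

    # Payload "patches" a system file; only its own view changes.
    vm.write(kernel32, b"<tampered>")
    results["vm_sees_tamper"] = vm.read(kernel32) == b"<tampered>"
    results["host_unchanged"] = host.read(kernel32) == b"<system library>"

    # Task ends: the instance and everything written inside it are gone.
    vm.destroy()
    try:
        vm.read(kernel32)
        results["dead_vm_inert"] = False
    except VMDestroyed:
        results["dead_vm_inert"] = True
    results["host_unchanged_after"] = host.files == snapshot

    return results


if __name__ == "__main__":
    for check, ok in simulate_attachment_open().items():
        print(f"{check:24s} {'ok' if ok else 'FAIL'}")
```

The point the model makes is that containment comes from two independent limits: the grant decides what the task can ever see, and the overlay plus destruction decide that nothing it changes survives the task. Either alone leaves a gap; the payroll read is stopped by the grant, while the tampered library is neutralised by the copy-on-write view and the teardown.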

This approach, Crosby said, solves one of the primary problems with virtual desktops and desktop virtualization products that view VMs as a value proposition rather than the problem that needs solving. For user endpoints rather than servers, he explained, “the abstraction that is a virtual machine is of no use whatsoever” because if an attacker targets someone’s corporate email address or otherwise infiltrates the “business” VM, he’s in. “God, how stupid is that?” Crosby joked.

To make itself as impenetrable as possible, Bromium has a small code base — presently around 100,000 lines — that will only get smaller in time. Less code, said Crosby, should mean fewer vulnerabilities. “Throw away a line of code every day,” he said. “If you can, throw away 10.”

I’m an end-user, how does Bromium improve my life?

From a user’s perspective, Crosby said, one of the best parts about Bromium Microvisor is that the user just goes about business as usual. Whitelisted applications provisioned by the IT department aren’t affected at all, and even applications and tasks that run in micro-VMs do so transparently to the user. Employees don’t want multiple operating systems running on the same device, he said, they just want one experience that works.

Plus, Crosby said, because micro-VMs are so lightweight, they do their job without the performance lag often associated with other types of desktop virtualization products and antivirus programs. And a standard laptop can support hundreds of micro-VMs.

However, while it all sounds great in theory, there is one catch that end-users might not like — for now, Microvisor only runs on Intel processors running Microsoft Windows. Until it supports different OSes and processor architectures (which it will in time), Microvisor is no cure-all that will have employers embracing BYOD because iPads and Android tablets will suddenly be deemed safe.

Oh, and CIOs and IT departments still have to decide to go with Microvisor over the virtual desktops and client-side hypervisors that so many other IT vendors are pushing. Given Bromium’s executive pedigree and the general malaise over the alternatives, one has to think it will get plenty of consideration. But until it’s proven out in the wild, the decision to deploy something as unique as Microvisor is itself a decision of unfathomable trust.